UWP DoDragDrop

c++ / delphi package - dll injection and api hooking

UWP DoDragDrop

Postby DohyunShin » Wed Nov 02, 2016 8:36 am

Sorry ,,it's not about MadHook question.
There is no one that i can ask. help me.. :sorry:

I did hooking DoDragDrop API at the desktop(explorer.exe) and then dropped a text file on some UWP applications from desktop.
The UWP applications are 'Edge', 'Line'(messenger) and 'Mail'.

The file i dropped was attached successfully at the apps..
But the pdwEffect's value was 0 on the DoDragDropCallback function. In the Edge and Line.
Its value wasn't zero in the Mail.

zero value is DROPEFFECT_NONE(Drop target cannot accept the data.)

Do you know why??
DohyunShin
 
Posts: 8
Joined: Thu Oct 20, 2016 2:30 am

Re: UWP DoDragDrop

Postby madshi » Wed Nov 02, 2016 9:30 am

What is the return value in this situation? I think that's the most important thing to look at. Maybe some drop targets don't properly fill in the pdwEffect value? I don't really know.
madshi
Site Admin
 
Posts: 9316
Joined: Sun Mar 21, 2004 5:25 pm

Re: UWP DoDragDrop

Postby iconic » Wed Nov 02, 2016 7:40 pm

Edge has heightened security and there could be a number of reasons for failure. You might also consider it's a problem based on User Interface Privilege Isolation (UIPI). I've run into this several times when doing drag 'n drop in the past if the process doing the dropping has a lower integrity level. IIRC I had to explicitly allow these messages:

WM_DROPFILES
WM_COPYDATA
WM_COPYGLOBALDATA

in a call to ChangeWindowMessageFilter()

--Iconic
iconic
 
Posts: 793
Joined: Wed Jun 08, 2005 5:08 am

Re: UWP DoDragDrop

Postby DohyunShin » Thu Nov 03, 2016 4:30 am

When I dropped a file on the Edge, HRESULT(DoDragDrop's return value) is DRAGDROP_S_DROP and dwEffect's value is zero.

I used a spy++ program in order to look the WM(WM_DROPFILE, COPY .. )at the Edge.
But There was no any WM.
DohyunShin
 
Posts: 8
Joined: Thu Oct 20, 2016 2:30 am

Re: UWP DoDragDrop

Postby iconic » Thu Nov 03, 2016 11:02 am

If "Edge" doesn't register the messages I posted in my previous post then you will NOT see those messages. It's why they need to be explicitly "added" with the filter API. Read about UIPI, it applies to what you're dealing with. If Spy++ isn't showing the messages then it's pretty safe to say this is likely the issue since they do not seem to be added i.e> don't see the messages = not added

--Iconic
iconic
 
Posts: 793
Joined: Wed Jun 08, 2005 5:08 am


Return to madCodeHook

Who is online

Users browsing this forum: No registered users and 3 guests